Security Visualization Extended Review Issues, Classifications, Validation Methods, Trends, Extensions

Sönmez, Ferda Özdemir; Günel, Banu

doi:10.4018/978-1-5225-5583-4.ch006

Cited by 1 publication

(2 citation statements)

References 59 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Özdemir Sönmez and Günel made a detailed gap analysis for the security visualization domain [14]. This survey study included a detailed investigation of around 80 security visualization studies that were selected among about one thousand earlier studies from the Web of Science database.…”

Section: Related Workmentioning

confidence: 99%

“…showing the visualizations based on data generated using OWASP Zed Attack Proxy (ZAP) tool together with some user-generated sample data as an improvement to the existing web application security vulnerability reporting systems. Few studies focus on the visualization of web application vulnerability scan results in the security visualization domain [14]. The only existing study which targets web application security black-box test results enables visualization of statistical measures.…”

Section: Usage Scenarious For Different Rolesmentioning

confidence: 99%

See 1 more Smart Citation

Holistic Web Application Security Visualization for Multi-Project and Multi-Phase Dynamic Application Security Test Results

Sönmez

Günel

2021

IEEE Access

View full text Add to dashboard Cite

As the number of web applications and the corresponding number and sophistication of the threats increases, creating new tools that are efficient and accessible becomes essential. Although there is much research concentrating on network security visualizations, there are only a few studies considering the web application vulnerabilities' possible visualization options. Consequently, to fill this gap, this research centers around a novel perception configuration to improve web application vulnerability monitoring. This study forms a generic data structure based on data sources that might be readily associated and commonly available for the majority of the web applications. The primary contribution of this study is a new dashboard tool for visualizing dynamic application security test results. Another contribution is the metrics/measures that the tool presents. The paper also describes a validation study in which participants answered quiz questions upon using the tool prototype. For the case study, sample data has been generated using the OWASP ZAP scanner tool and a prototype has been implemented to be used for validation purposes. This study allows the investigation of fifty metrics/measures for the multi-project/phase environment that enhances its benefits if the user aims to monitor a series of analyses' results and the changes between them for more than one web project.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Usage Scenarious For Different Rolesmentioning

confidence: 99%